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Subject: Revoking IT and Physical Access for Identified Shared Employees 


Timeframe: Urgent 


Summary 

The House Inspector General (OIG) and HIR Cybersecurity have documented multiple 
procurement irregularities, IT security violations, and shared employee policy violations by five 
shared staff employed by multiple House offices, hereafter referred to as “the employees”. 
Based upon the evidence gathered to this point, we have concluded that the employees are an 
ongoing and serious risk to the House of Representatives, possibly threatening the integrity of 
our information systems and thereby Member’s capacity to serve constituents. 

The employees are: 

1. Rao Abbas 

2. Hina Alvi 

3. Imran Awan 

4. Jamal Awan 

5. Abid “Omar” Awan 





recommendation ° f ^ inqU ‘ t) ' “ d SUpp0rt has greatly informed * is 

With the approval of the Committee, the CAO and the SAA will take the following actions: 

• Disable and remove all access to House information technology resources, including 
both network and local accounts. 

• Disable and remove access to email accounts, remote access accounts/tokens, mobile 

phones and devices. 

• Disable any prox card access. 

• Demand that these individuals surrender equipment. 

• Revoke all parking passes and privileges. 

• Instruct all House office Members’ and their staff where these employees worked to 
change their House account passwords and personal passwords (e.g., iTunes) that they 
may have shared with these employees. 

• Request that the House Superintendent rekey any room or facility used by the 
employees to store data or equipment. 

• In an effort to protect Member’s inventory, alert the United States Capitol Police to be 
on alert for any suspicious activity related to House assets and property by the 

employees. 

Background 

• In March of 2016, the CAO Office of Acquisitions Management discovered suspicious 
purchase orders for mobile equipment by Mr. Omar Awan 1 , a shared employee of 
multiple Member offices. Mr. Awan structured these purchase orders in such a way as to 
bring the asset price below the accountable equipment threshold of $500. 2 

• The Chief Administrative Officer reported the suspicious activity to the Committee on 
House Administration. The Committee on House Administration requested the OIG to 
initiate a formal inquiry of this activity. 

• After reviewing the initial purchase orders, vouchers, and emails, the OIG’s inquiry 
widened to include the above referenced individuals. While performing the inquiry . the 
OIG discovered evidence of irregular procurements as well as violations of both IT 
security and shared employee policies. We have determined twenty House offices were 
victims of the procurement irregularities, and potentially over 40 House Offices may 
have been victims of IT security violations. 

• In September of 2016, as the size and scope of the inquiry widened, the Committee on 
House A dmini stration and the OIG briefed the former Chairman of the Democratic 
Caucus about suspicious activity related to their server that the OIG identified. As a 
result, the former Chairman of the Democratic Caucus directed the CAO to copy the data 

from their server and two computers. 


1 Not to be confused with a CAO employee of the same name. 

2 The individual requested that the equipment vendor reduce the asset purchase price to below $500 and inflate 
the cost of the extended warranty to compensate. 


2 





explicit instructions of the former Chairman to turn over all equipment, and fully 
cooperate with the inquiry and investigation. 

• The USCP interviewed relevant staff regarding the missing server. 

• On January 24, 2017, the CAO acquired the server from the control of the employees and 
transferred that server to the USCP. 

Summary of Evidence Gathered by the House OIG 

Prior to turning over the inquiry to the USCP, the OIG gathered significant evidence related to the 
procurement irregularities and IT security policy violations by the employees. The evidence 
packet assembled by the OIG has been provided to you. 

The packet includes: 

1. Spreadsheet of House vouchers documenting irregular transactions; 

2. Spreadsheet from CDWG documenting open balances; 

3. Purchase orders and vouchers documenting structured purchases; 

4. Interview notes with House Member’s Chiefs of Staff; 

5. Interview notes with equipment vendor; 

6. Equipment inventories and forms; 

7. Job history and wages of each employee; 

8. Logon activity and computer access logs, 

9. Pictures of boxes of stored equipment, and, 

10. OIG analysis documents. 


The following summarizes 


izes the findings of the OIG; supported by the evidence packet. 


Summary of Procurement Irregularities 


The Guide to Outfitting and Maintaining < 

by the Committee on House Administrati 

Member and Committee office equipment i 

The OIG documented numerous instances 

assets to avoid controls over property and equipment. 



The OIG documented: 
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• i mrt\ -four purchases totaling nearly Sj 8.000 where the emp loyees rumour ed ik : _r'_ -vs/e 
to avoid the S500 accountable equipment threshold, without the Members knnwidae 

• S219.000 in outstanding invoices ov.ee to CDW-G for purchases crobestrsec m these 
employees, some of which were for invoices more than 500 cays old. ah of which me 

unknown to the Member" s office. 

• Eighty-three pieces of missing equipment with a purchase price of 5118.683.80 mar. hah 
been ‘‘written off’ from the House inventory by CAO staff a: me direction of the shared 
employees. Missing equipment included laptops. iPads, TVs, video confereutmn 

equipment, and computers. 

• Fourteen examples of equipment delivered to the home of some of the emp loyees mmead 
of the House of Representative, thus bypassing internal controls during the recerdnz 

process. 

• Examples of unopened equipment being stored at unknown lotah: ns for long per: :>ds 


Summary of Shared Employee Regulation Violation* 


Fhe House itthics Manual, 2 U.S.C. § 4701, and Committee on House Adnmmsmantn ihunar 
nr rpioyee 1-lanual aL prohibit the sharing or subienin-z of job duhes with other ■- - - - 

emp.oyen by 1 cirteren: Member or Committee offices or 2) indi'.f duals who are no:: n me 1-1: use 

payroll. 

Fhe CaO nas documented that in both calendar vears 2015 and 2016 , cash emruuee 
acknowledged that ne or she had read and understood the Stared Employ ee J.faun.:. 5 term call ;• 

the employees acknowledged rhar they would: 

• The pay I receive mom each employing authority will ref.ee: the dunes s:r_n sen: ~ e: 

for each employing authority. 

• I will inform each employing authority, in writing, of all cf the enures ::r m:: . - — 
wo mr . g , and will inform each employing authority, in writing. rr rhanue m tins stem 

• I will neither share my job duties nor sublet any pordon of my ozneiai dunes. 

• I will utilize House assigned email accounts for ail of my work for House onuses 

• I will have an established system to keep all House records under my o : nn: 1 set _re 

• I am currently, and will take all necessary steps to remain, in ccmrhanre m ms 
mandatory provisions of law and regulation described in the demon Hou rs . — - 
and will abide by all House statutes, rules and regulations, whether mey are :: are rmo 
in this certification or the Shared Employee Manual 


The OIG documented: 


• .ne five employees shared job duties with one another even though uifteren: chutes 

employed them. 

• Numerous examples of the employees inter mingling computer equipment w ith ne on e 

they supported, without the knowledge of their employing offices. The summunon o: me 

OIG’s interv iew with one Chief of Staff is of note: 

Coming in on a Saturday and finding Omar in the office with eq firmer.: 

everywhere. She stated, “It looked like Christinas with little TVs. ?ous e:o 
scattered around the room.” She stated that Omar told her "these hems a ere 
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tn°t e ; s f ^Te bd0n8ed 10 “ 0d “ 0ffce ” Sl * *»“ «*» <0 * 

™ "Ot House e m p,oyees. 

with the other for. the “ * Justness, 

One of the employees appears to have violated outside fiduciary restrictions on senior staff. 


Summary of House IT Security Policy Violations 

The OIG documented numerous and egregious violations of House IT Security, including: 

• Principles of Behavior for Information System Users: Users must access and use only 
information for which they have official authorization. 

• HISPOL 002.0 Protecting Systems from Unauthorized Use Section 2.2 - Users shall 
access and use only information for which they have official authorization. 

I_ • HISPOL 009.00 Password Protection: Policy 2.6- Do not share UserlDs and passwords 

with anyone. 

• HISPOL 010.0 — Protection of Sensitive Information, Section 2.3 — All House sensitive 
information must be stored on House owned equipment. 

• HISPOL 016.00 Security Policy for Privileged Account Management - Security' Section 
3.3.7 - Multiple users shall not share access to an individual Privileged Account. 


Examples of such violations documented by the OIG include: 

• These employees accessed user accounts and computers for offices that did not employ 
them, without the knowledge or permission of the impacted Member’s office. 

• The employees established permissions in offices so that each of the five could administer 
computers in other offices. This could have resulted in Member’s data being accessed by 
someone unknown and unauthorized by the office. HIR Cybersecurity identified 107 
workstations supported by the shared system administrators that have groups outside . . c 
workstation’s office assigned administrative permissions. 

• One of the employees accessed accounts, including some assigned to Members, nine times 
in September 2016. The offices who owned these accounts did not employ the employee. 
These accesses occurred on Democratic Caucus computers, even though the employ ee a : 
never been employed by the Democratic Caucus, and without the knowledge or the 
Democratic Caucus. 

• Four of the employees accessed the Democratic Caucus computers 5’35 tunes, eve., 
though the Democratic Caucus did not employ these employees. HIR Cybersec uruy 
speculates that the employees used the Democratic Caucus server as an entry pou am 
jumping off point to access computers for other House offices. 

• Forty logons to computers the employees were not authorized to access. 

• The sharing of passwords and accounts by the employees, including sharing privileged 
accounts. 

• The unauthorized storage of sensitive House information outside the House. 
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